Some online service providers such as banking institutions require some form of authentication in order to process a transaction. For example, a user that wishes to transfer funds from an account with a bank to another account typically needs to provide something he knows, such as a password, to the bank in order to the bank to carry out the transfer.
Some conventional authentication approaches involve asking the user for something he has in addition to something he knows. Along these lines, once the user wishing to transfer the funds inputs a correct password for a bank account, the bank may require the user to input a randomly generated number from a token application on his smartphone. In order for the bank to process the funds transfer, the user must send the randomly generated number to the bank as proof that the user has the smartphone.